Protecting the privacy of others

More and more people are learning to watch their digital steps in our wired world.

“There’s the issue of the information individuals voluntarily send out into the Internet, but then there’s the separate issue of the footprint of online government and company information,” says Michelle Chibba, director of policy for the Information and Privacy Commissioner of Ontario, Canada.

While Europe and Canada have fairly comprehensive and overarching privacy legislation, the United States still remains a patchwork with no federal privacy law. But the internationally-recognized Fair Information Practices, or FIPS, as they’re also known, are built into all privacy standards, says Chibba.

“The FIPS have several key components,” she says. For example custodians must clearly identify the purpose of the information being collected, and ensure that the use of this information is limited to the purpose for which it was collected. Custodians must also prevent unauthorized parties from accessing private information as well as ensuring the integrity and accuracy of the data in their keeping.

While more companies and governments are creating the position of Chief Privacy Officer or its equivalent to implement privacy policies, the responsibility for protecting personal information should never be left in the hands of one high-level individual, says Chibba.

All employees should understand privacy rules and be able to deal with threats to privacy including a phenomenon known as social engineering, when hackers attempt to garner personal information from individuals within an organization.